This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.

Closed
Not a bug

FS#78 ACL/global bug: namespaces aren't right!

ACL & Authentication

2005-01-23

Hi,
Due to the code in getNS() (which gives back the UPPER namespace, eg in members:bobpage it gives back members) ACL cannot work right on multi level namespaces, example:
we have user bob with upload rights to his page, which is members:bobpage
user bob however, has no rights on the namespace members

- user bob logins and edits his page (members:bobpage)
- user bob now feels like uploading, he click the add image/file button, which checks ACL on namespace "member" instead of "member:bobpage", because of the bug i spoke of above.
- user bob will not be granted upload rights, because he has no rights on the namespace members

(it actually does what getNS did previsouly, that is, taking upper namespace)

Obvisouly this changes the whole logic of getNS, but I found nowhere where my new code actually bugs. To have flexible ACL's, one *needs* to know the full namespace where code is being executed. I think my solution is then just a quick fix, but I don't know the whole doku code, i just flew over it to find where the flaw was.

Please fix it :)

(kang A_T insecure dO_ooT ws)

2005-02-03jsiekmeyer

Files cannot be uploaded to pages, they are uploaded to namespaces. Correspondingly and according to wiki:acl the upload right belongs to namespaces, not to pages. So two possible solutions could be: Give all members the right to upload to the namespace "member" or create one namespace for each member (member:john, member:marsha and allow each member uploads to his/her own namespace.